a109ceb52769051d191d43981a4faffdf9867408e8ac70f6d2207e09dd114d6b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 00:54

Target

2024-04-09_278f71d01e03416c480e79ed5c6c1b0e_mafia.exe
Size

411KB
MD5

278f71d01e03416c480e79ed5c6c1b0e
SHA1

9f3315c1668596c3bcc5dbf5e754739bd3502e35
SHA256

a109ceb52769051d191d43981a4faffdf9867408e8ac70f6d2207e09dd114d6b
SHA512

5279d586492828dedf3675e69dbeb5b5205f9618e162bffd9ff596d0697abde104cf89fdd64766faf8c9f2bd83f7887809ba89a9c0a00ef73f97baaad4846e54
SSDEEP

6144:gVdvczEb7GUOpYWhNVynE/mFA5QOvP3CSLU70oPf1KlGdfnKjFrbod8UqHI:gZLolhNVyEvaSLOnPf1RfKjFodpqHI

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1796	2202.tmp

Executes dropped EXE 1 IoCs

pid	Process
1796	2202.tmp

Loads dropped DLL 1 IoCs

pid	Process
3000	2024-04-09_278f71d01e03416c480e79ed5c6c1b0e_mafia.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1796	3000	2024-04-09_278f71d01e03416c480e79ed5c6c1b0e_mafia.exe	28
PID 3000 wrote to memory of 1796	3000	2024-04-09_278f71d01e03416c480e79ed5c6c1b0e_mafia.exe	28
PID 3000 wrote to memory of 1796	3000	2024-04-09_278f71d01e03416c480e79ed5c6c1b0e_mafia.exe	28
PID 3000 wrote to memory of 1796	3000	2024-04-09_278f71d01e03416c480e79ed5c6c1b0e_mafia.exe	28

C:\Users\Admin\AppData\Local\Temp\2202.tmp

Filesize
411KB

MD5
db71af57e59fc2e17c92ebcce144239f

SHA1
e7f99034fd575fefcb7ca1968c107e81050c2890

SHA256
2477544d1bc90629888cdb77a078e95f33a361cea9e7e6fa551d22156d986803

SHA512
3574613de68b33076659ef4d977dabe1fb21ff548cd687a636e42dd77baf76f6c7e6ec15bf0ed1fe758a4d705c86673aa36b7f00e43ab75c3f54583cb5e5415e

Download Submit